PDO prepared statements Like and OR statements used together - php

I'm trying to say: if all the 'OR's match then display; if it's remotely close to the custodian then display (LIKE).
To Leo: yes, I tried :custodian. Here's the whole code. I commented out what you suggested because that's what works for now (also changed the SQL). I'm curious if the first query, where I'm trying to get the 'count', matters. Let me know. Thanks.
$q = $_GET['q'];
$STH = $dbh->prepare("SELECT COUNT(*) FROM inv_assets WHERE po = :query OR serialNum = :query OR dop = :query OR purchaseFrom = :query OR custodian = :query");
$STH->bindParam(':query', $q);
//$STH->bindParam(':custodian', '%'.$q.'%');
$STH->execute();
if ($STH->fetchColumn() > 0) {
    $STH = NULL;
    $STH = $dbh->prepare("SELECT * FROM inv_assets WHERE po = :query OR serialNum = :query OR dop = :query OR purchaseFrom = :query OR custodian = :query");
    $STH->bindParam(':query', $q);
    //$STH->bindParam(':custodian', '%'.$q.'%');
    $STH->execute();
    showTable($STH, $perms);
}

LIKE replaces =, not OR.
Example:
SELECT first_name, last_name
  FROM student_details
 WHERE first_name LIKE 'S%' OR last_name LIKE 'A%';
Take a look here: SQL Comparison Keywords

An example of how to do PDO LIKE queries.
$STH = $dbh->prepare("SELECT COUNT(*) FROM inv_assets
    WHERE po = :query OR serialNum = :query OR dop = :query
       OR purchaseFrom = :query OR custodian LIKE :custodian");
$ret = $STH->execute(array(':custodian' => '%'.$q.'%', ':query' => $q));
Example with bindParam:
<?php
$STH = $dbh->prepare("SELECT COUNT(*) FROM inv_assets
    WHERE po = :query OR serialNum = :query OR dop = :query
       OR purchaseFrom = :query OR custodian LIKE :custodian");
$STH->bindParam(':custodian', '%'.$q.'%');
$STH->bindParam(':query', $q);
$STH->execute();
?>

<?php
$STH = $dbh->prepare("SELECT COUNT(*) FROM inv_assets
    WHERE po = :query OR serialNum = :query OR dop = :query
       OR purchaseFrom = :query OR custodian LIKE :custodian");
$custodian = "%".$q."%";
$STH->bindParam(':custodian', $custodian);
$STH->bindParam(':query', $q);
$STH->execute();
?>
This avoids the "passing parameter 2 by reference" error and works.
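The following is an added, self-contained example and not code from the question or from the answers above. It binds the LIKE pattern through a variable, as the last snippet does, and additionally escapes the LIKE metacharacters in the user's input so that a search string of "%" or "_" is matched literally instead of matching every row. It runs against an in-memory SQLite table named after the question's inv_assets table; the rows, the likeLiteral() and countAssets() helpers and the "!" escape character are all constructed here.

```php
<?php
// Added example, not code from the question or the answers above. Binds the
// LIKE pattern through a variable and escapes % and _ in the user's input.
// Table and column names follow the question; rows are constructed sample data.
declare(strict_types=1);

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE inv_assets (po TEXT, serialNum TEXT, dop TEXT, purchaseFrom TEXT, custodian TEXT)');
$ins = $dbh->prepare('INSERT INTO inv_assets VALUES (?, ?, ?, ?, ?)');
foreach ([
    ['PO-100', 'SN-1', '2014-01-01', 'Dell', 'Alice Smith'],
    ['PO-101', 'SN-2', '2014-02-01', 'HP',   'Bob Jones'],
    ['PO-102', 'SN-3', '2014-03-01', 'Dell', '100% Cotton Dept'],
] as $row) {
    $ins->execute($row);
}

/** Escape the LIKE metacharacters (% and _) and the escape character itself. */
function likeLiteral(string $s, string $esc = '!'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $s);
}

/** Exact match on four columns OR a substring match on custodian. */
function countAssets(PDO $dbh, string $q): int
{
    // ":query IN (po, serialNum, ...)" is the same test as the OR chain in the
    // question but uses the placeholder once, so it does not depend on the
    // driver accepting a repeated named placeholder (PDO only guarantees that
    // when emulated prepares are on).
    $STH = $dbh->prepare(
        "SELECT COUNT(*) FROM inv_assets
          WHERE :query IN (po, serialNum, dop, purchaseFrom)
             OR custodian LIKE :custodian ESCAPE '!'"
    );
    // bindParam() takes its value by reference, so the pattern has to live in
    // a variable; passing '%'.$q.'%' directly is the "parameter 2 by reference" error.
    $custodian = '%' . likeLiteral($q) . '%';
    $STH->bindParam(':custodian', $custodian);
    $STH->bindParam(':query', $q);
    $STH->execute();
    return (int) $STH->fetchColumn();
}

foreach (['Alice', 'PO-101', '%', 'nobody'] as $q) {
    printf("%-7s -> %d row(s)\n", $q, countAssets($dbh, $q));
}
```

Without likeLiteral(), the third search ("%") would count all three rows, because the user-supplied wildcard becomes part of the pattern; with it, only the custodian whose name actually contains a percent sign is counted. Binding alone stops SQL injection, but it does not stop a user from widening a LIKE search with wildcards, which is why the escape step is worth keeping on any search box that feeds a LIKE clause.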

Related

advanced search not giving me the result when it reaches the else if stmt

I have two text boxes, keywords and location. When I search with keywords AND location it gives me the result, but when I search only with location it does not.
$keywords = isset($_POST['keywords']) ? $_POST['keywords'] : '';
$location = isset($_POST['location']) ? $_POST['location'] : '';
if (isset($keywords)) {
    $search = "SELECT * FROM table1
        WHERE table1.field1 LIKE :keyword OR table1.field2 LIKE :keyword ";
    if (isset($location)) {
        $search .= "AND table1.field5 LIKE :location";
    }
} else if (isset($location)) {
    $search = "SELECT * FROM table1
        WHERE table1.field5 LIKE :location";
}
$keywords = "%".$keywords."%";
$location = "%".$location."%";
$statement = $connection->prepare($search);
$statement->execute(array(
    ':keyword'  => $keywords,
    ':location' => $location
));
$result = $statement->fetchAll();
The first if stmt works, but when I search by location only it gives me all the results; I just want the results for that location.

Adding a PHP Prepared statement to a SELECT statement

I need to create a prepared statement and incorporate it into a SELECT statement, as shown below. I am happy with creating the prepared statement for line 1, but I need to include the result in the SELECT statement in line 2, as I cannot use the WHERE option because of line 4 (function of a search).
So, I guess I need some insight into how I can combine both the SELECT and the prepared statement into line 2.
//$sql = "SELECT * FROM customer_crm WHERE sales_agent = '".$username."'";
$sql = "SELECT * FROM customer_crm";
$query = isset($_GET['query']) ? ('%'.$_GET['query'].'%') : '%';
$sql .= "WHERE company_name LIKE :query OR email LIKE :query OR
    date_followup LIKE :query "; //is needed for a search function
$start = (($paginator->getCurrentPage()-1)*$paginator->itemsPerPage);
$length = ($paginator->itemsPerPage);
$sql .= "ORDER BY date_followup DESC limit :start, :length ";
$sth = $pdo->prepare($sql);
$sth->bindParam(':start', $start, PDO::PARAM_INT);
$sth->bindParam(':length', $length, PDO::PARAM_INT);
$sth->bindParam(':query', $query, PDO::PARAM_STR);
$sth->execute();
foreach ($sth->fetchAll(PDO::FETCH_ASSOC) as $row1) {
    // ...
}
You can't have two WHERE clauses. The second one should be AND, to combine those conditions into the query.
$sql = "SELECT * FROM customer_crm WHERE sales_agent = :username";
$query = isset($_GET['query']) ? ('%'.$_GET['query'].'%') : '%';
$sql .= " AND (company_name LIKE :query OR email LIKE :query OR
    date_followup LIKE :query)"; //is needed for a search function
$start = (($paginator->getCurrentPage()-1)*$paginator->itemsPerPage);
$length = ($paginator->itemsPerPage);
$sql .= " ORDER BY date_followup DESC limit :start, :length ";
$sth = $pdo->prepare($sql);
$sth->bindParam(':username', $username, PDO::PARAM_STR);
$sth->bindParam(':start', $start, PDO::PARAM_INT);
$sth->bindParam(':length', $length, PDO::PARAM_INT);
$sth->bindParam(':query', $query, PDO::PARAM_STR);
$sth->execute();
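The two search questions above (location-only search returning everything, and combining a fixed condition with a search OR group) share one root cause: the WHERE clause is assembled by hand, so an empty input still contributes a LIKE '%%' and the OR group is not parenthesised. The added example below, which is not code from either post, assembles the clause from a list of optional conditions instead. It uses an in-memory SQLite table named after the customer_crm table above; the buildSearchWhere() and searchCustomers() helpers and the rows are constructed here, and positional placeholders are used so the same pattern can be supplied three times without relying on repeated named placeholders.

```php
<?php
// Added example, not code from the question or the answer above. Builds the
// WHERE clause from optional inputs: the OR group is parenthesised, an empty
// input is left out instead of becoming LIKE '%%', and every value is bound.
// Table and column names follow the posts; rows are constructed sample data.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customer_crm (sales_agent TEXT, company_name TEXT, email TEXT, date_followup TEXT)');
$ins = $pdo->prepare('INSERT INTO customer_crm VALUES (?, ?, ?, ?)');
foreach ([
    ['leo',   'Acme Ltd',   'ops@acme.example',      '2015-03-01'],
    ['leo',   'Globex',     'info@globex.example',   '2015-03-05'],
    ['maria', 'Acme Paper', 'buy@acmepaper.example', '2015-02-20'],
] as $row) {
    $ins->execute($row);
}

/**
 * Returns [whereFragment, params]. $agent restricts one column (ANDed in);
 * $keywords is matched against several columns (an OR group). Either may be "".
 */
function buildSearchWhere(string $agent, string $keywords): array
{
    $conditions = [];
    $params = [];
    if ($agent !== '') {
        $conditions[] = 'sales_agent = ?';
        $params[] = $agent;
    }
    if ($keywords !== '') {
        // Parentheses keep the ORs together; without them AND binds tighter and
        // the clause silently means "col1 OR (col2 AND sales_agent = ...)".
        $pattern = '%' . $keywords . '%';
        $conditions[] = '(company_name LIKE ? OR email LIKE ? OR date_followup LIKE ?)';
        array_push($params, $pattern, $pattern, $pattern);
    }
    $where = $conditions === [] ? '' : ' WHERE ' . implode(' AND ', $conditions);
    return [$where, $params];
}

function searchCustomers(PDO $pdo, string $agent, string $keywords): array
{
    [$where, $params] = buildSearchWhere($agent, $keywords);
    $sth = $pdo->prepare('SELECT company_name FROM customer_crm' . $where . ' ORDER BY date_followup DESC');
    $sth->execute($params);
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

foreach ([['leo', 'acme'], ['', 'acme'], ['maria', ''], ['', '']] as [$agent, $kw]) {
    printf("agent=%-8s keywords=%-7s -> %s\n", "'$agent'", "'$kw'",
        implode(', ', searchCustomers($pdo, $agent, $kw)));
}
```

Because the parameter list is built alongside the SQL fragment, the number of bound values always equals the number of placeholders, which is the other failure these hand-assembled queries tend to hit ("Invalid parameter number"). An empty form returns an unfiltered listing here; if that is not acceptable for the page, the caller can refuse the search when both inputs are empty before the query is built.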

Pagination 2nd page not displaying

Pagination works fine when I don't use the WHERE statement in my SELECT statement. For some reason, as soon as I add additional conditions to the SELECT statement, only the first pagination page works. So it seems like the variable data is lost after the first page is displayed. Below is some of the code:
<?php
include 'database.php';
include 'paginator.php';
$pdo = Database::connect();
$paginator = new Paginator();
$sql = "SELECT count(*) FROM customer_crm ";
$paginator->paginate($pdo->query($sql)->fetchColumn());
$query = $_GET["query"];
if (isset($query)) {
    ($_GET['query']) ? ('%'.$_GET['query'].'%') : '%';
    $sql = "SELECT * FROM customer_crm WHERE firstname LIKE :query OR email LIKE :query OR telephone LIKE :query ";
}
else {
    $start = (($paginator->getCurrentPage()-1)*$paginator->itemsPerPage);
    $length = ($paginator->itemsPerPage);
    //$sql = "SELECT * FROM customer_crm WHERE customer_group_id = $input OR date_followup= CURDATE() ORDER BY customer_group_id DESC limit $start, $length ";
    $sql = "SELECT * FROM customer_crm ORDER BY date_followup DESC limit $start, $length ";
    //$sql = "SELECT * FROM customer_crm WHERE customer_group_id = $input ORDER BY date_followup DESC limit $start, $length ";
}
$sth = $pdo->prepare($sql);
$sth->bindParam(':start', $start, PDO::PARAM_INT);
$sth->bindParam(':length', $length, PDO::PARAM_INT);
$sth->bindParam(':query', $query, PDO::PARAM_STR);
$sth->execute();
foreach ($sth->fetchAll(PDO::FETCH_ASSOC) as $row) {
    // ...
}
Without knowing which Paginator we are talking about, I could only advise you to do something like:
include 'database.php';
include 'paginator.php';
$pdo = Database::connect();
$paginator = new Paginator();
$query = (isset($_GET["query"]) && strlen($_GET["query"]) > 1) ? '%'.$_GET["query"].'%' : '%';
// one WHERE fragment shared by the count query and the results query
$where = " FROM customer_crm WHERE firstname LIKE :query OR email LIKE :query OR telephone LIKE :query ";
// COUNT(*) so that fetchColumn() really returns the row count
$countsql = "SELECT COUNT(*)" . $where;
$sthcount = $pdo->prepare($countsql);
$sthcount->bindParam(':query', $query, PDO::PARAM_STR);
$sthcount->execute();
$count = $sthcount->fetchColumn();
$paginator->paginate($count);
$start = (($paginator->getCurrentPage()-1)*$paginator->itemsPerPage);
$length = ($paginator->itemsPerPage);
$sql = "SELECT *" . $where . " ORDER BY date_followup DESC limit :start, :length ";
$sth = $pdo->prepare($sql);
$sth->bindParam(':start', $start, PDO::PARAM_INT);
$sth->bindParam(':length', $length, PDO::PARAM_INT);
$sth->bindParam(':query', $query, PDO::PARAM_STR);
$sth->execute();
See, you were making two mistakes here:
getting your count value without considering the query. You should set the value of $query regardless of the existence of $_GET['query'], and use it in your count query as well as your results query.
binding parameters whose placeholders and values do not exist in the query you're executing. Make sure your results query contains :query, :start and :length, or you will be binding more parameters than the query has.
You should also have wrapped your statements in try/catch blocks so you could debug what was happening.
try {
    $sth = $pdo->prepare($sql);
    $sth->bindParam(':start', $start, PDO::PARAM_INT);
    $sth->bindParam(':length', $length, PDO::PARAM_INT);
    $sth->bindParam(':query', $query, PDO::PARAM_STR);
    $sth->execute();
} catch (\PDOException $e) {
    die('Error in query: ' . $e->getMessage());
}
That way you would have known that the query was failing because of
Invalid parameter number: parameter was not defined
NOTE: I have no clue how your paginator will know about the current page, nor can I see where you are setting the itemsPerPage value.
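The answer's two points (count and page query must agree on the filter; bind only placeholders that exist) can be shown end to end without the unknown Paginator class. The added example below is not the asker's or the answer's code and does not use that class: two plain integers, $page and $perPage, stand in for it, and the searchPage() helper, the in-memory SQLite customer_crm table and its rows are constructed here. Beyond the answer, it also binds LIMIT/OFFSET as integers and clamps an out-of-range page number.

```php
<?php
// Added example, not the asker's, the answer's or the Paginator's code. The
// count query and the page query share one WHERE fragment and one parameter
// list, LIMIT/OFFSET are bound as integers, and a placeholder/value mismatch
// raises instead of silently producing an empty page. Table and column names
// follow the question; rows are constructed sample data.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customer_crm (firstname TEXT, email TEXT, telephone TEXT, date_followup TEXT)');
$ins = $pdo->prepare('INSERT INTO customer_crm VALUES (?, ?, ?, ?)');
for ($i = 1; $i <= 7; $i++) {
    $ins->execute(["Ann$i", "ann$i@example.test", "555-010$i", sprintf('2015-01-%02d', $i)]);
}

/** Returns ['total' => int, 'pages' => int, 'rows' => string[]] for one page of matches. */
function searchPage(PDO $pdo, string $rawQuery, int $page, int $perPage): array
{
    // Same pattern for every column; positional placeholders avoid relying on
    // a repeated named placeholder.
    $pattern = $rawQuery === '' ? '%' : '%' . $rawQuery . '%';
    $where   = ' FROM customer_crm WHERE firstname LIKE ? OR email LIKE ? OR telephone LIKE ?';
    $params  = [$pattern, $pattern, $pattern];

    try {
        $count = $pdo->prepare('SELECT COUNT(*)' . $where);
        $count->execute($params);
        $total = (int) $count->fetchColumn();
        $pages = max(1, (int) ceil($total / $perPage));
        $page  = min(max(1, $page), $pages);          // clamp an out-of-range page number

        $sth = $pdo->prepare('SELECT firstname' . $where . ' ORDER BY date_followup DESC LIMIT ? OFFSET ?');
        foreach ($params as $i => $value) {
            $sth->bindValue($i + 1, $value, PDO::PARAM_STR);
        }
        // Integers for LIMIT/OFFSET: with emulated prepares (MySQL's default) a
        // value bound as a string would be quoted and the LIMIT rejected.
        $sth->bindValue(4, $perPage, PDO::PARAM_INT);
        $sth->bindValue(5, ($page - 1) * $perPage, PDO::PARAM_INT);
        $sth->execute();
        $rows = $sth->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        // "Invalid parameter number" and similar driver errors surface here.
        throw new RuntimeException('search failed: ' . $e->getMessage(), 0, $e);
    }
    return ['total' => $total, 'pages' => $pages, 'rows' => $rows];
}

// In a web page $page would come from (int) ($_GET['page'] ?? 1).
foreach ([1, 2, 3] as $page) {
    $r = searchPage($pdo, 'ann', $page, 3);
    printf("page %d of %d (%d total): %s\n", $page, $r['pages'], $r['total'], implode(', ', $r['rows']));
}
```

The search term is passed to searchPage() on every request, so page 2 filters exactly like page 1; in the question's code the term was only applied in the first branch, which is why later pages looked unfiltered. LIMIT ... OFFSET ... is used instead of MySQL's LIMIT start, length because both MySQL and SQLite accept it.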

Subquery (COUNT) Doesn't Work

I'm working with PHP and MySQL. This query works, where my page URL is MySite/Carl_Sagan (Carl_Sagan = $MyURL) and Carl_Sagan is also a value in a database table named people, field URL:
$sql = "SELECT COUNT(URL) AS num FROM people WHERE URL = :MyURL";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':MyURL', $MyURL, PDO::PARAM_STR);
$stmt->execute();
$Total = $stmt->fetch();
switch ($Total['num'])
{
    case 1:
        echo "\n";
        require($BaseINC."/$MyPHP/inc/C/2_Child.php");
        break;
    case 0:
        break;
    default:
        break;
}
But when I link several tables together through UNION ALL, turning it into a subquery, it doesn't work. I'm not getting any error messages, but the value for $Total['num'] is 0, when it should be 1.
Can anyone see the problem with my subquery, posted below?
$sql = "SELECT SUM(num) FROM (
    SELECT COUNT(URL) AS num FROM pox_topics WHERE URL = :MyURL
    UNION ALL
    SELECT COUNT(URL) AS num FROM people WHERE URL = :MyURL
    UNION ALL
    SELECT COUNT(Taxon) AS num FROM gz_life WHERE Taxon = :MyURL
) AS X";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':MyURL', $MyURL, PDO::PARAM_STR);
$stmt->execute();
$Total = $stmt->fetch();
I should note that the subquery doesn't work even if I strip it down to the original table, like this:
$sql = "SELECT SUM(num) FROM (
    SELECT COUNT(URL) AS num FROM people WHERE URL = :MyURL
) AS X";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':MyURL', $MyURL, PDO::PARAM_STR);
$stmt->execute();
$Total = $stmt->fetch();
There is no $Total['num'] anymore. Try SELECT SUM(num) AS num...

join 2 fields in mysql to search both at the same time

I am trying to search the fields firstname and lastname for a keyword.
$q1 = strtolower($_GET["q"]);
$q = str_replace(" ", "%", $q1);
$sql = "select DISTINCT users.*, user_id FROM users WHERE $email_filter
    firstname LIKE '%$q%' OR lastname LIKE '%$q%' ORDER BY lastname";
$rsd = mysql_query($sql);
while ($rs = mysql_fetch_array($rsd)) { echo $results; }
This is what I have so far. The issue is, if you use John Doe as an example: once you type John it finds it, Doe it finds it, but John Doe ... no results.
I recommend that you bind the variables. You are exposed to SQL injection otherwise.
$stmt = $mysqli->prepare("select * from users where firstname like ? AND lastname like ?");
$stmt->bind_param('ss', $firstname, $lastname);
Something like:
SELECT * FROM users where CONCAT(firstname, ' ', lastname) like '%$q%'
Or:
SELECT * FROM users where CONCAT_WS(' ', firstname, lastname) like '%$q%'
And if reversing is desirable, try this:
SELECT * FROM users where CONCAT_WS(' ', firstname, lastname) like '%$q%'
    or CONCAT_WS(' ', lastname, firstname) like '%$q%'
(that is, if searching for "A B" should return "A B" as well as "B A")
You have to split your query string and search for each term:
$query_terms = explode(" ", $q1);
$conditions = array();
foreach ($query_terms as $term) {
    // every term must match the first or last name; the per-term groups are ANDed together
    $term = mysql_real_escape_string($term);
    $conditions[] = '(firstname LIKE "%'.$term.'%" OR lastname LIKE "%'.$term.'%")';
}
$sql = "select DISTINCT users.*, user_id FROM users WHERE $email_filter " . implode(' AND ', $conditions) . " ORDER BY lastname";
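The last answer's idea (split the input into terms, require every term to match one of the name columns) combined with the first answer's advice (bind the values) gives the following. This is an added example, not code from the question or its answers: it uses PDO with an in-memory SQLite users table, and the searchUsers() helper and the rows are constructed here. The CONCAT_WS variants from the middle answer would be bound the same way, with the pattern passed as a parameter instead of interpolated.

```php
<?php
// Added example, not code from the question or its answers. Each search term
// gets its own bound placeholder (no string interpolation) and must match the
// first or last name, so "john doe" finds John Doe while "john" and "doe"
// still do. The users table and its rows are constructed sample data.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)');
$ins = $pdo->prepare('INSERT INTO users (firstname, lastname) VALUES (?, ?)');
foreach ([['John', 'Doe'], ['Jane', 'Doe'], ['John', 'Smith'], ['Mary', "O'Neil"]] as $row) {
    $ins->execute($row);
}

/** Returns "First Last" strings for users matching every term of $q. */
function searchUsers(PDO $pdo, string $q): array
{
    // Split on any whitespace and drop empty pieces ("john  doe" -> ["john", "doe"]).
    $terms = preg_split('/\s+/', trim($q), -1, PREG_SPLIT_NO_EMPTY);
    if ($terms === []) {
        return [];                       // an empty search would otherwise match everyone
    }
    $conditions = [];
    $params = [];
    foreach ($terms as $term) {
        // One parenthesised OR group per term; the groups are ANDed together.
        $conditions[] = '(firstname LIKE ? OR lastname LIKE ?)';
        $pattern = '%' . $term . '%';
        array_push($params, $pattern, $pattern);
    }
    $sql = 'SELECT firstname, lastname FROM users WHERE '
         . implode(' AND ', $conditions) . ' ORDER BY lastname, firstname';
    $sth = $pdo->prepare($sql);
    $sth->execute($params);
    return array_map(
        fn (array $r): string => $r['firstname'] . ' ' . $r['lastname'],
        $sth->fetchAll(PDO::FETCH_ASSOC)
    );
}

foreach (['john', 'doe', 'john doe', 'doe john', "o'neil", ''] as $q) {
    printf("%-10s -> %s\n", "'$q'", implode(', ', searchUsers($pdo, $q)) ?: '(none)');
}
```

Because the terms travel as parameters, a name containing an apostrophe (O'Neil) is matched without any escaping in the PHP code, and the term order does not matter ("doe john" finds the same row as "john doe"). The SQL text itself only ever contains the fixed column names and placeholders, so the number of terms a user types changes the parameter count but never the shape of the statement.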
